add grant already exists for project user grant

Author: agustin-conductor

pkg/client/client.go

@@ -386,6 +386,27 @@ func (client *Client) GetProjectRoles(ctx context.Context, projectId string) (ma
 	return projectRolesAPIData, err
 }
 
+func (client *Client) GetProjectRoleDetailsById(ctx context.Context, projectId string, roleId string) (*RolesAPIData, error) {
+	var projectRoleDetailsAPIData RolesAPIData
+	endpointUrl, err := url.JoinPath(allProjects, projectId, "role", roleId)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := getRequest(ctx, client, endpointUrl, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := client.httpClient.Do(req, uhttp.WithJSONResponse(&projectRoleDetailsAPIData))
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	return &projectRoleDetailsAPIData, err
+}
+
 // GetProjectRoleDetails
 // Returns all role details that are present in specific project.
 func (client *Client) GetProjectRoleDetails(ctx context.Context, urlApi string) (RolesAPIData, error) {

pkg/connector/project.go

@@ -213,6 +213,22 @@ func (p *projectBuilder) Grant(ctx context.Context, principal *v2.Resource, enti
 			return nil, err
 		}
 
+		// // Verify the user is not already a member of the project role
+		roleDetails, err := p.client.GetProjectRoleDetailsById(ctx, projectId, roleId)
+		if err != nil {
+			return nil, fmt.Errorf("failed to fetch role details, %w", err)
+		}
+		for _, actor := range roleDetails.Actors {
+			if actor.Name == userName {
+				l.Debug("Project Membership already exists.",
+					zap.String("userName", userName),
+					zap.String("projectId", projectId),
+					zap.String("roleId", roleId),
+				)
+				return annotations.New(&v2.GrantAlreadyExists{}), nil
+			}
+		}
+
 		body := client.BodyActors{
 			User: []string{
 				userName,